Pablo M. Cibraro (aka Cibrax)

Unity has been for the last few years one of the Microsoft patterns & practices battle horses for doing dependency injection in .NET applications. It was first born in 2008 and evolve over the years to the current state. In short, it provides the following features,

Self Hosting a Http server is a very common scenario these days with the push that Microsoft and the rest of the community are giving to Owin. One of the challenges you often find in this scenario is the ability to use HTTPS, and I can say by experience that it's not something trivial. You have to run several commands, and usually generate a self signed certificate for SSL.

ASP.NET Web API does not provide any output caching capabilities out of the box other than the ones you would traditionally find in the ASP.NET caching module. Fortunately, Filip wrote a very nice library that you can use to decorate your Web API controller methods with an [OutputCaching] attribute, which is similar to the one you can find in ASP.NET MVC. This library provides a way to configure different persistence storages for the cached data, which uses memory by default. As part of this post, I will show how you can implement your own persistence provider for AppFabric in order to support distributed caching on web applications running on premises.

Once you write an OWIN Middleware service, it can be reused everywhere as long as OWIN is supported. In my last post, I discussed how you could write an Authentication Handler in Katana for Hawk (HMAC Authentication). Good news is NancyFx can be run as an OWIN handler, so you can use many of existing middleware services, including the ones that are ship with Katana.

As I discussed in my previous post, Katana is pretty much organized in middleware services. One of those middleware services is authentication, which provides some built-in implementations for existing OAuth providers such as Facebook, Twitter, Google or Microsoft, and also an implementation for Forms authentication with cookies. All those implementations are currently distributed as Nuget packages under the name of Microsoft.Owin.Security.*, where the last part identifies the name of the implementation (e.g. Microsoft.Owin.Security.Twitter).

The .NET ecosystem offers today a lot of alternatives for developing web applications. You can either use any of the frameworks supported by Microsoft with ASP.NET such as Forms, MVC or Web API, or any other open source alternative like FubuMVC, ServiceStack, NancyFx or OpenRasta to name a few. From an architecture standpoint, all these frameworks have three main layers in common (in spite of the difference with the implementation details), hosting, middleware, and application.

ETW or Event Tracing for Windows is a very efficient pub/sub built-in mechanism that runs in Kernel Mode for doing event tracing. That implies there is just a little overhead in using this feature compared to other traditional tracing solutions that are I/O bound and drop the traces in different storages like files or databases for example. As it is a built-in mechanism in Windows, many of the operating systems services and components make good use of it. You can not only troubleshoot your application but also many of the OS components involved in the execution of that application.

Some Web APIs use the client IP address to enforce Service Level Agreements such as limit the number of calls in a period of time. The client IP address can be used as a replacement for an authentication key sometimes when a previous registration of client applications is not required.

Most of the Web APIs available out there in the web nowadays use some kind of authentication for identifying client applications. Although they implement authentication in different ways, they can be typically categorized in three main groups, services that use Keys, OAuth or HMAC.

One of the features supported by Hawk, an HTTP authentication protocol based on HMAC, is to provide read-only access to a Web API for a short period time. That’s performed through a token called “bewit” that a Web API can provide to a client. That token is only valid for Http GET calls and it can be used for a limited period of time.